Re: [Mimedefang] PGP encyption of outging email
Steffan wrote: I wonder why you don't want to encrypt/sign in the MUA. It is more flexible and, well, works most of the time. Because users are incapable of getting it right, and the time they forget to encrypt the message may also be the time they send company B's confidential data to company A. At one point I was seeing ~10 messages per week which the users had forgotten to encrypt, and I saw 2 in 6 months go to the wrong company without encryption. I looked at this a long time ago, and got a system working which verified that messages to and from designated domains were encrypted. It was a bit messy, but it worked. It also ensured that the corporate key had been included in the encryption targets, so we could enforce use of this key for message recovery purposes. It did this by trying to decrypt any encrypted parts using the corporate key. Coincidentally, this also stopped employees using encryption to any domain except those we expressly permitted it to - otherwise our confidential data could walk out of the door, and we'd be none the wiser. The issue, as Steffan has already pointed out, is that you have to trust your mail server with the passphrase to your private key, or in our case, to the company's private key. In our circumstances, this was more acceptable than the breaches of security caused by incapable users, but you may not be able to make that argument. Best Wishes, Paul. ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] PGP encyption of outging email
Steffen Kaiser skmimedef...@smail.inf.fh-bonn-rhein-sieg.de wrote: On Wed, 6 May 2009, pete wrote: Is there a method for encrypting outgoing email using PGP (or other methods). I am thinking of doing this on a per recipient basis. I.e encrypt email to people I regularly email and leave plain the rest. If you search CPAN, you find tons of PGP / GnuPG modules unfortunatly. I made a quick search for PGP MIME (so you don't fiddle with the MIME structure yourself) and there are a few as well, e.g. Mail::GnuPG. The most problem I see is that you have to open your secret key to MIMEDefang. As I understand your mail so, that you are using a single-person system, this drops down to how secure your server is and if you trust the system to hold your key without passphrase or in pgp-agent. To encrypt outgoing email only public key (of the recipient) is required. Secret/private key (of sender) is required for *signing*. [...] -- [plen: Andrew] Andrzej Adam Filip : a...@onet.eu The time spent on any item of the agenda [of a finance committee] will be in inverse proportion to the sum involved. -- C. N. Parkinson ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] PGP encyption of outging email
On Thu, 2009-05-07 at 09:17 +0100, Paul Murphy wrote: Steffan wrote: I wonder why you don't want to encrypt/sign in the MUA. It is more flexible and, well, works most of the time. Because users are incapable of getting it right, and the time they forget to encrypt the message may also be the time they send company B's confidential data to company A. You might want to consider checking that the message is encrypted and rejecting if it is not. That's probably WAY simpler and has the side-effect of educating users on your policy. Richard signature.asc Description: This is a digitally signed message part ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Mimedefang + Spamassassin but no X-Spam-Score
I've been getting emails with bad attachments being dropped by Mimedefang. The issue is that the email is SPAM but is not being tested by Spamassassin since there doesn't seem to be an X-Spam-Score in the headers. The original message size is about 120KB according the sendmail logs. Is it a Mimedefang config option that I'm missing? I would like Mimedefang to still have Spamassassin test the email even if there was a dropped attachment. Thanks. ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
